Uploaded image for project: 'JSPWiki'
  1. JSPWiki
  2. JSPWIKI-836

container-managed authorization broken

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Duplicate
    • 2.10
    • None
    • Authentication & Authorization
    • None

    • tomcat-7.0.52, Oracle Java 1.7.0_51, Ubuntu 13.10

    Description

      I did a fresh installation of JSPWiki 2.10.0 on apache-tomcat-7.0.52 (Java 7) and enabled container-managed authorization in web.xml

      When I try to log into the wiki, the login screen reappears forever.

      User and role in tomcat-users.xml seem to be fine, when I try the Tomcat security sample (to which I added the Authenticated role) at
      http://ubuntu:8080/examples/jsp/security/protected/index.jsp
      the user has the role:

      You are logged in as remote user wiki in session ACD11187E8CF5E70FD05C88D77F36F46

      Your user principal name is wiki

      You have been granted role Authenticated

      But the wiki refuses to accept the user (this container-managed authorization setup used to work with 2.8.4)

      I am not sure what actually went wrong, there is nothing in the logs, might be that the user could not be gotten from the container, might be, that the policy (which I did not touch) is wrong, or that web.xml could not be parsed.

      Attachments

        1. jspwiki-custom.properties
          0.6 kB
          Jürgen Weber

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. JSPWIKI-831 Container managed authorization does not work in tomcat

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              weberjn Jürgen Weber
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: